diff options
| author | Pedro Magalhães <mail@pmmaga.net> | 2018-08-01 22:28:09 +0200 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2018-08-12 15:49:13 +0200 |
| commit | a16aee6cee77571e3af604117bdc48b75d8a3315 (patch) | |
| tree | 2abdb0f54632c5f58bf1b85b4a21aefb46fd35ad /ext/session/session.c | |
| parent | 326d3d480c8187545f3e794c68c1fde09206fad9 (diff) | |
| download | php-git-a16aee6cee77571e3af604117bdc48b75d8a3315.tar.gz | |
Fix #76688: Disallow excessive parameters after options array
Diffstat (limited to 'ext/session/session.c')
| -rw-r--r-- | ext/session/session.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/session/session.c b/ext/session/session.c index c7d54b0ee7..c46af0d87d 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1704,6 +1704,15 @@ static PHP_FUNCTION(session_set_cookie_params) zend_string *key; zval *value; + if (path) { + path = NULL; + domain = NULL; + secure_null = 1; + httponly_null = 1; + php_error_docref(NULL, E_WARNING, "Cannot pass arguments after the options array"); + RETURN_FALSE; + } + ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(lifetime_or_options), key, value) { if (key) { ZVAL_DEREF(value); |